super virus of some sort

Started by dmscott84, July 14, 2010, 10:22:02 AM


dmscott84

A few days ago I noticed my taskbar said I wasn't connected to the internet, so I checked, and I was, so I was like, what the hell... I tried to run Windows Live OneCare, since I've had a virus before. When I went to run the program it couldn't start and said "cannot continue or start, please restart". I did, and it didn't work. Windows Defender gets errors. I tried to restore my computer to a week prior to see if it would be OK, and no matter how far back I restored it was the same; nothing worked.

So I went into Safe Mode and tried, and it was the same. I bought Norton 2010 and could only install it in Safe Mode; in normal mode it just froze and crashed. I ran a full scan in Safe Mode and it found a trojan, which it removed. I restarted and nothing had changed. So I downloaded Malwarebytes in Safe Mode with Networking and it found 5 trojans, which it removed. Still nothing changed. I've tried everything I have possibly found online to save my computer, and I can't afford to take it to an expensive computer tech place.

What can I do? If it doesn't get fixed soon I'm just gonna smash it with a bat.

Corrine

Hi, dmscott84.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please do the following:

Post as a reply a copy of the MBAM log that showed the trojans.  The log can be found here on Windows XP: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt and C:\Users\UserName\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt on Windows Vista and Windows 7.

Please download random's system information tool (RSIT):

  • Download RSIT by random/random from here and save it to your desktop.
  • Double-click RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

dmscott84

Malwarebytes log:

Registry Keys Infected:
HKEY_CLASSES_ROOT\gksraemq.brsf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b1279b8-58c1-41aa-a972-f20853dd2296} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3b1279b8-58c1-41aa-a972-f20853dd2296} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

log.txt:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2010-07-14 12:48:58
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 215 GB (56%) free of 382 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:07 PM, on 7/14/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Users\Owner\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: gksraemq - {0F4D1291-8DEF-4D4E-AA11-D5B4DD8945C2} - C:\Windows\gksraemq.dll (file missing)
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O15 - Trusted Zone: http://www.swtor.com
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (file missing)
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7177 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{38F16D1B-D518-4ABF-84BB-9D919E0F0F6A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-12-03 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\IPSBHO.DLL [2009-11-16 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
LimeWire Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-03-28 1196936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 1205560]
{0F4D1291-8DEF-4D4E-AA11-D5B4DD8945C2} - gksraemq - C:\Windows\gksraemq.dll []
{D4027C7F-154A-4066-A1AD-4243D8127440} - LimeWire Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-03-28 1196936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-06-15 47408]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-03 198160]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2010-02-05 65256]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-05-25 37888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymSMR100]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-14 12:48:58 ----D---- C:\rsit
2010-07-14 12:48:58 ----D---- C:\Program Files\trend micro
2010-07-13 13:30:12 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2010-07-13 13:30:04 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-13 13:30:03 ----D---- C:\ProgramData\Malwarebytes
2010-07-13 13:30:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-13 13:30:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-13 11:26:49 ----A---- C:\Windows\system32\drivers\SYMEVENT.SYS
2010-07-13 11:26:19 ----D---- C:\Windows\system32\drivers\NAV
2010-07-13 11:26:17 ----D---- C:\Program Files\Norton AntiVirus
2010-07-13 11:19:16 ----D---- C:\Windows\LMI82A6.tmp
2010-07-13 02:51:48 ----D---- C:\Windows\LMI6DBF.tmp
2010-07-13 02:40:58 ----D---- C:\Windows\LMI759C.tmp
2010-07-13 02:37:10 ----D---- C:\Windows\LMI73A9.tmp
2010-07-13 02:32:34 ----D---- C:\Windows\LMI951D.tmp
2010-07-13 01:49:59 ----D---- C:\Windows\LMIA5EF.tmp
2010-07-13 01:24:29 ----D---- C:\Windows\LMI8F82.tmp
2010-07-12 23:53:23 ----A---- C:\Windows\ntbtlog.txt
2010-07-12 17:10:26 ----D---- C:\Windows\LMIB8A4.tmp
2010-07-12 17:09:59 ----D---- C:\Windows\LMI5032.tmp
2010-07-12 12:36:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-12 12:21:18 ----D---- C:\Users\Owner\AppData\Roaming\Tific
2010-07-12 12:08:16 ----D---- C:\ProgramData\Norton
2010-07-09 12:04:40 ----A---- C:\Windows\system32\xfcodec.dll
2010-06-27 16:40:47 ----D---- C:\Program Files\Microsoft(10)
2010-06-27 16:40:47 ----D---- C:\Program Files\Microsoft
2010-06-27 16:38:01 ----D---- C:\Program Files\Microsoft.NET
2010-06-24 12:06:41 ----A---- C:\Windows\system32\psisdecd.dll
2010-06-24 12:06:38 ----A---- C:\Windows\system32\EncDec.dll
2010-06-24 12:05:44 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-24 12:05:44 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-24 12:05:44 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-24 12:05:44 ----A---- C:\Windows\system32\mscoree.dll
2010-06-24 12:05:44 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 18:15:29 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-23 18:15:27 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-21 18:01:26 ----D---- C:\Program Files\iPod(122)
2010-06-21 18:01:26 ----D---- C:\Program Files\iPod
2010-06-21 18:01:24 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-21 18:01:24 ----D---- C:\Program Files\iTunes(123)
2010-06-21 18:01:24 ----D---- C:\Program Files\iTunes
2010-06-21 17:59:12 ----D---- C:\Program Files\QuickTime(165)
2010-06-21 17:59:12 ----D---- C:\Program Files\QuickTime
2010-06-21 17:54:32 ----D---- C:\Program Files\Bonjour(10)
2010-06-21 17:54:32 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2010-07-14 12:48:58 ----D---- C:\Program Files
2010-07-14 06:18:11 ----D---- C:\Program Files\Defraggler
2010-07-14 06:09:53 ----HD---- C:\ProgramData
2010-07-14 06:06:01 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-14 06:05:53 ----D---- C:\Windows\system32\drivers
2010-07-14 05:59:09 ----D---- C:\Windows\Temp
2010-07-14 05:51:42 ----D---- C:\Users\Owner\AppData\Roaming\Xfire
2010-07-14 04:38:23 ----D---- C:\Program Files\Xfire
2010-07-14 04:38:22 ----D---- C:\ProgramData\Xfire
2010-07-14 03:52:53 ----D---- C:\Users\Owner\AppData\Roaming\LimeWire
2010-07-14 02:33:12 ----D---- C:\Windows\pss
2010-07-14 02:04:42 ----D---- C:\Windows\System32
2010-07-14 02:04:42 ----D---- C:\Windows\inf
2010-07-13 23:07:15 ----D---- C:\Windows\SchCache
2010-07-13 12:50:46 ----D---- C:\Windows\system32\Tasks
2010-07-13 12:50:45 ----D---- C:\Windows\Tasks
2010-07-13 11:29:00 ----SHD---- C:\System Volume Information
2010-07-13 11:19:16 ----D---- C:\Windows
2010-07-12 23:24:51 ----D---- C:\Windows\system32\drivers\etc
2010-07-12 23:17:16 ----D---- C:\Windows\system32\catroot2
2010-07-12 23:05:44 ----D---- C:\Windows\Microsoft.NET
2010-07-12 23:05:41 ----D---- C:\Windows\system32\wbem
2010-07-12 23:04:55 ----D---- C:\Windows\system32\config
2010-07-12 23:04:18 ----SD---- C:\Windows\Downloaded Program Files
2010-07-12 23:04:18 ----D---- C:\Windows\winsxs
2010-07-12 23:04:05 ----D---- C:\Windows\system32\spool
2010-07-12 23:04:05 ----D---- C:\Windows\system32\Msdtc
2010-07-12 23:04:05 ----D---- C:\Windows\system32\en-US
2010-07-12 23:04:05 ----D---- C:\Windows\system32\drivers\UMDF
2010-07-12 23:04:05 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-12 23:04:05 ----D---- C:\Windows\system32\catroot
2010-07-12 23:04:03 ----SHD---- C:\Windows\Installer
2010-07-12 23:04:03 ----RSD---- C:\Windows\Media
2010-07-12 23:04:01 ----RSD---- C:\Windows\Fonts
2010-07-12 23:04:01 ----RSD---- C:\Windows\assembly
2010-07-12 23:03:58 ----D---- C:\Users\Owner\AppData\Roaming\Winamp
2010-07-12 23:03:58 ----D---- C:\Users\Owner\AppData\Roaming\Ventrilo
2010-07-12 23:03:57 ----RD---- C:\Users
2010-07-12 23:03:57 ----D---- C:\ProgramData\NVIDIA
2010-07-12 23:03:52 ----D---- C:\Program Files\WinZip
2010-07-12 23:03:51 ----D---- C:\Program Files\Winamp Detect
2010-07-12 23:03:51 ----D---- C:\Program Files\Winamp
2010-07-12 23:03:50 ----D---- C:\Program Files\Mozilla Firefox
2010-07-12 23:03:50 ----D---- C:\Program Files\Microsoft Works
2010-07-12 23:03:49 ----D---- C:\Program Files\Microsoft Silverlight
2010-07-12 23:03:47 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-07-12 23:03:47 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-12 23:03:47 ----D---- C:\Program Files\Common Files\LightScribe
2010-07-12 23:03:45 ----D---- C:\Program Files\Common Files\Apple
2010-07-12 23:03:45 ----D---- C:\Program Files\Ask.com
2010-07-12 23:03:23 ----D---- C:\Windows\registration
2010-07-12 18:50:35 ----D---- C:\Windows\Prefetch
2010-07-12 12:36:19 ----D---- C:\Program Files\Common Files
2010-07-11 23:25:09 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2010-07-10 11:27:54 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2010-06-27 16:40:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-24 12:34:41 ----D---- C:\Windows\ehome
2010-06-24 12:34:41 ----D---- C:\Windows\AppPatch
2010-06-21 19:02:06 ----D---- C:\Users\Owner\AppData\Roaming\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\system32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NAV\1106000.020\SYMDS.SYS [2009-10-14 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS [2009-11-25 172592]
R1 MSFWHLPR;MSFWHLPR; C:\Windows\system32\DRIVERS\msfwhlpr.sys [2007-11-27 37440]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-12-16 48128]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
S1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2010-02-10 536112]
S1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NAV\1106000.020\ccHPx86.sys [2010-02-25 501888]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-07-13 371248]
S1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20091105.001\IDSVix86.sys [2009-11-16 343088]
S1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NAV\1106000.020\SRTSP.SYS [2010-02-26 325680]
S1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NAV\1106000.020\SRTSPX.SYS [2010-02-26 43696]
S1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NAV\1106000.020\Ironx86.SYS [2010-02-26 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\system32\drivers\NAV\1106000.020\SYMTDIV.SYS [2009-11-21 340016]
S2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
S2 MSFWDrv;MSFWDrv; C:\Windows\system32\DRIVERS\msfwdrv.sys [2007-11-27 91200]
S3 ALSysIO;ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO.sys []
S3 AVMNgBasM780;AVerMedia M780 Base Driver; C:\Windows\system32\DRIVERS\AVerBas.sys [2006-12-10 51584]
S3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver; C:\Windows\system32\DRIVERS\AVerCap.sys [2006-12-10 364544]
S3 AVMNgTunM780;AVerMedia M780 TVTuner Driver; C:\Windows\system32\DRIVERS\AVerTun.sys [2006-12-10 162304]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-18 220672]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-18 1729632]
S3 ltmodem5;Agere Modem Driver; C:\Windows\system32\DRIVERS\ltmdmnt.sys [2006-11-02 503296]
S3 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100304.005\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100304.005\NAVEX15.SYS []
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2007-12-14 570880]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-01-11 11586280]
S3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-07-13 124976]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\Windows\system32\DRIVERS\rt2500usb.sys [2005-11-17 245376]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S2 msfwsvc;@C:\Program Files\Microsoft Windows OneCare Live\Firewall\\MSFWSVCResource.dll,-10000; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 869952]
S2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392]
S2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2010-02-05 26120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2010-02-05 1141112]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe []
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe []
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe []
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

info.txt:

info.txt logfile of random's system information tool 1.08 2010-07-14 12:49:08

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll"
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9  -removeonly
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Age of Conan - Hyborian Adventures-->"C:\Program Files\Funcom\Age of Conan\unins000.exe"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32DA464B-1B35-4FE6-B44C-48D6847D11C9}\setup.exe" -l0x9
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
CPUID CPU-Z 1.53.1-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LimeWire 5.5.8-->"C:\Program Files\LimeWire\uninstall.exe"
Linksys Dual-Band Wireless-N USB Network Adapter-->C:\Program Files\InstallShield Installation Information\{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}\setup.exe -runfromtemp -l0x0409
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Protection Service-->MsiExec.exe /I{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Live OneCare Resources v2.5.2900.30-->MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus-->MsiExec.exe /I{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}
Microsoft Windows OneCare Live v2.5.2900.30 Idcrl Install-->MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.5.2900.30-->MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Move Networks Media Player for Internet Explorer-->C:\Users\Owner\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\17.6.0.32\InstStub.exe /X
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9  -removeonly
ProxyCap-->MsiExec.exe /I{EFE5F393-1A2E-408E-A9DE-7D5C808598A6}
PX Engine-->MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9  /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Star Wars: Knights of the Old Republic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/32370
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{92482FB3-C05B-41C6-89E7-75D985602A6E}
TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Tropico 3 1.02-->"C:\Program Files\Kalypso\Tropico 3\uninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live OneCare-->"C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

Hosts File Missing
======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Owner-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Record Number: 256411
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100714131625.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 7001
Message: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Record Number: 256429
Source Name: Service Control Manager
Time Written: 20100714131633.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccHP
eeCtrl
IDSVix86
spldr
SRTSP
SRTSPX
SymIRON
SYMTDIv
Wanarpv6
Record Number: 256438
Source Name: Service Control Manager
Time Written: 20100714131633.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 36
Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Record Number: 256442
Source Name: volsnap
Time Written: 20100714183157.086702-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}
Record Number: 256444
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100714194237.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Owner-PC
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 62980
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100714131405.000000-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 62983
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100714131406.000000-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 62988
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100714131515.000000-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
Record Number: 62991
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100714131620.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x8007043C
Record Number: 62994
Source Name: MsiInstaller
Time Written: 20100714194237.000000-000
Event Type: Warning
User: Owner-PC\Owner

=====Security event log=====

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 128350
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714194906.304302-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 128351
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714194906.367302-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 128352
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714194906.424302-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 128353
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714194906.482302-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 128354
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714194906.539302-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
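
The part of this log a helper reads most closely is the Security event log: five Event 5038 Code Integrity audit failures naming tcpip.sys, next to DCOM 10005 errors quoting error "1084", which only means the service cannot be started in safe mode (the log was captured with "SAFEBOOT_OPTION"=NETWORK, as the environment section shows). The following Python triage script is an added example, not part of this thread and not RSIT's own code; it parses records in this layout, counts the Code Integrity failures per file and labels the DCOM noise by boot mode, and the sample log it embeds is a constructed subset of the entries above.

```python
"""Triage the event-log sections of an RSIT-style log (added example, not RSIT's own code)."""
import re

# Constructed sample: a subset of the entries in the log above, in the same layout.
SAMPLE_LOG = r"""
======System event log======

Computer Name: Owner-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Record Number: 256411
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100714131625.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 128350
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714194906.304302-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 128351
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714194906.367302-000
Event Type: Audit Failure
User:

======Environment variables======

"SAFEBOOT_OPTION"=NETWORK
"""

# Keys that end a record's Message block in this layout.
TRAILER_KEYS = ("Record Number", "Source Name", "Time Written", "Event Type", "User")

def parse_events(text):
    """Return one dict per record: a record starts at 'Computer Name:' and its Message runs to the first trailer key."""
    events = []
    for chunk in re.split(r"^Computer Name:", text, flags=re.M)[1:]:
        ev, msg, in_msg = {"code": None, "source": "", "file_name": ""}, [], False
        for line in chunk.splitlines()[1:]:
            key, _, val = line.partition(":")
            if key == "Event Code":
                ev["code"] = int(val)
            elif key == "Message":
                in_msg, msg = True, [val.strip()]
            elif key in TRAILER_KEYS:
                in_msg = False
                if key == "Source Name":
                    ev["source"] = val.strip()
            elif in_msg and line.strip():  # continuation line: a GUID, a driver name, a "File Name:" line
                msg.append(line.strip())
        ev["message"] = "\n".join(msg)
        if ev["code"] == 5038:  # Code Integrity names the rejected image on a continuation line
            m = re.search(r"^File Name:\s*(.+?)\s*$", ev["message"], re.M)
            ev["file_name"] = m.group(1) if m else ""
        events.append(ev)
    return events

def safe_boot_option(text):
    """SAFEBOOT_OPTION from the environment section, or None when the log was taken in normal mode."""
    m = re.search(r'^"SAFEBOOT_OPTION"=(\S+)', text, re.M)
    return m.group(1) if m else None

def triage(events, safe_boot=None):
    """Count Code Integrity failures per file and label DCOM 1084 errors by boot mode."""
    report = {"code_integrity": {}, "dcom_1084": []}
    for ev in events:
        if ev["code"] == 5038 and ev["file_name"]:
            report["code_integrity"][ev["file_name"]] = report["code_integrity"].get(ev["file_name"], 0) + 1
        elif ev["code"] == 10005 and 'error "1084"' in ev["message"]:
            # Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE): the service cannot start in safe mode,
            # so these records are expected noise in a log captured with SAFEBOOT_OPTION set.
            svc = re.search(r"start the service (\S+)", ev["message"])
            verdict = "expected in safe mode" if safe_boot else "investigate"
            report["dcom_1084"].append((svc.group(1) if svc else "?", verdict))
    return report

if __name__ == "__main__":
    rep = triage(parse_events(SAMPLE_LOG), safe_boot_option(SAMPLE_LOG))
    for path, n in rep["code_integrity"].items():
        print(f"{n}x Code Integrity rejected {path}: compare its hash with a clean copy before blaming the disk")
    for svc, verdict in rep["dcom_1084"]:
        print(f"DCOM could not start {svc}: {verdict}")
```

A repeated 5038 on a core network driver is worth a hash comparison against a known-good copy of the file; as the event text itself says, a bad hash can also come from disk errors, so the check decides which it is.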

Corrine

Hi, dmscott84.

In addition to out-of-date and vulnerable software on your computer that needs addressing to prevent further infection, I note that you have P2P software installed. 

A strong word of caution:  With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.

P2P programs form a direct conduit on to your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Note:  If you can only download via safe mode with networking, ComboFix will work best if you boot to normal mode when running it.

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

dmscott84

It let me download it, but whatever is in my computer won't let me run the program. Should I do it in safe mode with networking since I'm unable to get it to work in normal?

winchester73

Try renaming the file on your desktop from ComboFix.exe to dmscott84.exe, and see if it will run ...
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Corrine

Another option is to run RKill first:

Please download rkill from one of the following links and save to your Desktop:

One, Two, Three or Four


  • Double-click rkill to run.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave rkill on the Desktop until otherwise advised.
  • Do NOT restart your computer after running rkill as the malware program(s) will start again.
Notes:

If you receive security warnings about rkill, please ignore them and allow the download to continue.

If it still doesn't run, you may want to rename it with a different extension; i.e., ComboFix.com



dmscott84

OK, I'll try that.

I also ran ComboFix in safe mode with networking just to see if it would work. It did. Here is the log from the safe mode run. If I get it to run in normal mode I'll show that too.

SAFE MODE WITH NETWORKING LOG:

ComboFix 10-07-14.01 - Owner 07/14/2010  17:07:13.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2046.1502 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\EfaData
c:\system volume information\EfaData\SYMEFA.DB
.
---- Previous Run -------
.
C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\system volume information\EfaData\SYMEFA.DB
c:\windows\system32\sbcrreag.dll

.
(((((((((((((((((((((((((   Files Created from 2010-06-15 to 2010-07-15  )))))))))))))))))))))))))))))))
.

2010-07-15 00:14 . 2010-07-15 00:14   --------   d-----w-   c:\users\Owner\AppData\Local\temp
2010-07-15 00:14 . 2010-07-15 00:14   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-07-15 00:06 . 2010-07-15 00:06   --------   d-----w-   C:\32788R22FWJFW
2010-07-14 19:48 . 2010-07-14 19:49   --------   d-----w-   C:\rsit
2010-07-14 19:48 . 2010-07-14 19:49   --------   d-----w-   c:\program files\trend micro
2010-07-13 20:30 . 2010-07-13 20:30   --------   d-----w-   c:\users\Owner\AppData\Roaming\Malwarebytes
2010-07-13 20:30 . 2010-04-29 22:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 20:30 . 2010-07-13 20:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-07-13 20:30 . 2010-07-13 20:30   --------   d-----w-   c:\programdata\Malwarebytes
2010-07-13 20:30 . 2010-04-29 22:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-07-13 20:16 . 2010-07-13 20:16   680   ----a-w-   c:\users\Owner\AppData\Local\d3d9caps.dat
2010-07-13 20:13 . 2010-07-13 20:13   --------   d-----w-   c:\users\Owner\AppData\Local\Tific
2010-07-13 18:26 . 2010-07-13 18:26   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-13 18:26 . 2010-07-13 18:26   --------   d-----w-   c:\windows\system32\drivers\NAV
2010-07-13 18:26 . 2010-07-13 18:26   --------   d-----w-   c:\program files\Norton AntiVirus
2010-07-13 18:19 . 2010-07-13 18:30   --------   d-----w-   c:\windows\LMI82A6.tmp
2010-07-13 09:51 . 2010-07-13 09:51   --------   d-----w-   c:\windows\LMI6DBF.tmp
2010-07-13 09:50 . 2010-07-13 09:50   69192   ----a-w-   c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-13 09:40 . 2010-07-13 09:48   --------   d-----w-   c:\windows\LMI759C.tmp
2010-07-13 09:37 . 2010-07-13 09:37   --------   d-----w-   c:\windows\LMI73A9.tmp
2010-07-13 09:32 . 2010-07-13 09:33   --------   d-----w-   c:\windows\LMI951D.tmp
2010-07-13 08:49 . 2010-07-13 09:28   --------   d-----w-   c:\windows\LMIA5EF.tmp
2010-07-13 08:24 . 2010-07-13 08:46   --------   d-----w-   c:\windows\LMI8F82.tmp
2010-07-13 04:05 . 2010-07-13 04:06   --------   d-----w-   c:\users\Owner\AppData\Local\NPE
2010-07-13 00:16 . 2010-07-13 00:16   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\ICS
2010-07-13 00:10 . 2010-07-13 00:10   --------   d-----w-   c:\windows\LMIB8A4.tmp
2010-07-13 00:09 . 2010-07-13 01:34   --------   d-----w-   c:\windows\LMI5032.tmp
2010-07-12 19:36 . 2010-07-13 18:26   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-07-12 19:21 . 2010-07-13 20:13   --------   d-----w-   c:\users\Owner\AppData\Roaming\Tific
2010-07-12 19:08 . 2010-07-14 13:05   --------   d-----w-   c:\programdata\Norton
2010-07-09 19:04 . 2010-07-09 19:04   41872   ----a-w-   c:\windows\system32\xfcodec.dll
2010-06-27 23:40 . 2010-07-13 06:03   --------   d-----w-   c:\program files\Microsoft
2010-06-27 23:40 . 2010-06-27 23:40   --------   d-----w-   c:\program files\Microsoft(10)
2010-06-27 23:38 . 2010-06-27 23:38   --------   d-----w-   c:\program files\Microsoft.NET
2010-06-24 19:06 . 2010-04-14 17:47   293376   ----a-w-   c:\windows\system32\psisdecd.dll
2010-06-24 19:06 . 2010-04-14 17:46   428544   ----a-w-   c:\windows\system32\EncDec.dll
2010-06-24 19:05 . 2009-11-08 17:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2010-06-24 19:05 . 2009-11-08 17:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2010-06-24 19:05 . 2009-11-08 17:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
2010-06-24 19:05 . 2009-11-08 17:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2010-06-24 19:05 . 2009-11-08 17:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2010-06-24 01:15 . 2010-04-16 16:05   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2010-06-24 01:15 . 2010-04-16 14:17   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 01:01 . 2010-07-13 06:03   --------   d-----w-   c:\program files\iPod
2010-06-22 01:01 . 2010-06-22 01:01   --------   d-----w-   c:\program files\iPod(122)
2010-06-22 01:01 . 2010-07-13 06:03   --------   d-----w-   c:\program files\iTunes
2010-06-22 01:01 . 2010-06-22 01:02   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-22 01:01 . 2010-06-22 01:02   --------   d-----w-   c:\program files\iTunes(123)
2010-06-22 00:59 . 2010-07-13 06:03   --------   d-----w-   c:\program files\QuickTime
2010-06-22 00:59 . 2010-06-22 00:59   --------   d-----w-   c:\program files\QuickTime(165)
2010-06-22 00:54 . 2010-07-13 06:03   --------   d-----w-   c:\program files\Bonjour
2010-06-22 00:54 . 2010-06-22 00:54   --------   d-----w-   c:\program files\Bonjour(10)
2010-06-22 00:52 . 2010-06-22 00:52   72504   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 00:00 . 2010-04-25 09:24   --------   d-----w-   c:\users\Owner\AppData\Roaming\LimeWire
2010-07-14 13:18 . 2010-02-16 23:10   --------   d-----w-   c:\program files\Defraggler
2010-07-14 13:06 . 2007-01-31 17:24   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-14 12:51 . 2008-07-17 01:15   --------   d-----w-   c:\users\Owner\AppData\Roaming\Xfire
2010-07-14 11:38 . 2008-07-17 01:15   --------   d-----w-   c:\program files\Xfire
2010-07-14 11:38 . 2008-07-17 01:15   --------   d-----w-   c:\programdata\Xfire
2010-07-14 06:08 . 2010-02-17 02:23   101667   ----a-w-   c:\programdata\nvModes.dat
2010-07-13 18:26 . 2010-07-13 18:26   805   ----a-w-   c:\windows\system32\drivers\SYMEVENT.INF
2010-07-13 18:26 . 2010-07-13 18:26   7443   ----a-w-   c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-13 06:03 . 2010-06-06 07:59   --------   d-----w-   c:\users\Owner\AppData\Roaming\Winamp
2010-07-13 06:03 . 2007-11-03 06:58   --------   d-----w-   c:\users\Owner\AppData\Roaming\Ventrilo
2010-07-13 06:03 . 2007-08-17 17:58   --------   d-----w-   c:\programdata\NVIDIA
2010-07-13 06:03 . 2010-06-06 08:00   --------   d-----w-   c:\program files\Winamp Detect
2010-07-13 06:03 . 2010-06-06 07:59   --------   d-----w-   c:\program files\Winamp
2010-07-13 06:03 . 2007-02-06 01:43   --------   d-----w-   c:\program files\Microsoft Works
2010-07-13 06:03 . 2008-09-08 05:29   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-07-13 06:03 . 2010-03-29 02:08   --------   d-----w-   c:\program files\Common Files\PX Storage Engine
2010-07-13 06:03 . 2007-03-02 02:15   --------   d-----w-   c:\program files\Common Files\LightScribe
2010-07-13 06:03 . 2010-04-25 09:24   --------   d-----w-   c:\program files\Ask.com
2010-07-13 06:03 . 2007-08-12 20:12   --------   d-----w-   c:\program files\Common Files\Apple
2010-07-10 18:27 . 2010-03-29 02:06   --------   d-----w-   c:\program files\Microsoft Windows OneCare Live
2010-06-27 23:31 . 2010-04-26 21:43   439816   ----a-w-   c:\users\Owner\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-22 02:02 . 2007-07-10 22:44   --------   d-----w-   c:\users\Owner\AppData\Roaming\Apple Computer
2010-06-09 05:28 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-06-08 00:21 . 2010-05-22 08:13   --------   d-----w-   c:\users\Owner\AppData\Roaming\Tropico 3
2010-06-04 08:18 . 2010-03-16 23:23   --------   d-----w-   c:\program files\Common Files\Blizzard Entertainment
2010-06-03 10:54 . 2007-08-13 04:03   --------   d-----w-   c:\program files\Google
2010-06-03 10:48 . 2009-07-16 02:58   --------   d-----w-   c:\users\Owner\AppData\Roaming\Darkfall US
2010-06-01 20:56 . 2009-11-25 11:11   --------   d-----w-   c:\program files\Steam
2010-05-26 16:16 . 2010-06-08 20:41   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-08 20:41   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-05-22 08:05 . 2010-05-22 08:05   --------   d-----w-   c:\program files\Kalypso
2010-05-19 23:56 . 2010-05-19 23:55   --------   d-----w-   c:\programdata\PMB Files
2010-05-19 23:55 . 2010-05-19 23:55   --------   d-----w-   c:\program files\Pando Networks
2010-05-18 23:35 . 2010-05-18 23:35   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-05-15 08:09 . 2010-05-15 07:55   43520   ----a-w-   c:\windows\system32\CmdLineExt03.dll
2010-05-09 18:33 . 2010-05-09 18:33   77312   ----a-w-   c:\users\Owner\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.72.0A.dll
2010-05-04 05:59 . 2010-06-08 20:41   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 20:41   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-08 20:41   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-08 20:41   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-08 20:41   2036224   ----a-w-   c:\windows\system32\win32k.sys
2010-04-23 13:55 . 2010-05-25 19:27   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-04-23 01:11 . 2010-04-23 01:11   658184   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-16 16:10 . 2010-06-08 20:41   1314816   ----a-w-   c:\windows\system32\quartz.dll
2010-04-16 16:05 . 2010-06-24 01:15   459776   ----a-w-   c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:05 . 2010-06-24 01:15   173056   ----a-w-   c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:05 . 2010-06-24 01:15   2153984   ----a-w-   c:\windows\AppPatch\AcGenral.dll
2010-04-16 16:05 . 2010-06-24 01:15   541696   ----a-w-   c:\windows\AppPatch\AcLayers.dll
2007-01-31 17:23 . 2007-01-31 17:23   848   --sha-w-   c:\windows\System32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-28 19:11   1196936   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 147456]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-03 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-05 65256]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-25 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-8-26 344064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-23 108544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2010-02-11 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1106000.020\ccHPx86.sys [2010-02-25 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20091105.001\IDSVix86.sys [2009-11-17 343088]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1106000.020\Ironx86.SYS [2010-02-27 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NAV\1106000.020\SYMTDIV.SYS [2009-11-22 340016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2010-02-05 26120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-12 240232]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO.sys

R3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\DRIVERS\AVerBas.sys [2006-12-10 51584]
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\DRIVERS\AVerCap.sys [2006-12-10 364544]
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\DRIVERS\AVerTun.sys [2006-12-10 162304]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-15 570880]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1106000.020\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS [2009-11-26 172592]
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{38F16D1B-D518-4ABF-84BB-9D919E0F0F6A}.job
- c:\windows\system32\msfeedssync.exe [2010-06-08 04:30]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: swtor.com\www
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tft48oag.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-NAV - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\17.6.0.32\InstStub.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 17:14
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-07-14  17:15:41
ComboFix-quarantined-files.txt  2010-07-15 00:15

Pre-Run: 225,922,363,392 bytes free
Post-Run: 225,739,116,544 bytes free

- - End Of File - - AB996C325CA7E4A9BC61EEE6B6830F33

Corrine

No, don't run it again yet.  Let me take a look at this log first.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Hi, dmscott84.

Since you installed Norton, please go to add/remove programs and uninstall Windows Live OneCare.  While you're there, if you have the Ask toolbar because you missed the pre-checked option when installing another program, I suggest you uninstall that as well.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Folder::
c:\windows\LMI82A6.tmp
c:\windows\LMI6DBF.tmp
c:\windows\LMI759C.tmp
c:\windows\LMI73A9.tmp
c:\windows\LMI951D.tmp
c:\windows\LMIA5EF.tmp
c:\windows\LMI8F82.tmp
c:\windows\LMIB8A4.tmp
c:\windows\LMI5032.tmp


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Let's also see the results of an online scan.  Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



dmscott84

It won't let me uninstall Windows Live OneCare. It freezes and crashes during uninstall. And I can't run ComboFix unless it's in safe mode.

Corrine

Run ComboFix in safe mode again and then see if you can run the online scan.



dmscott84

Here is the ComboFix log after dragging and dropping that Notepad file you had me make into it.

ComboFix 10-07-14.01 - Owner 07/14/2010  18:23:08.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2046.1502 [GMT -7:00]
Running from: c:\users\Owner\Desktop\dmscott84.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\EfaData
c:\system volume information\EfaData\SYMEFA.DB
c:\windows\LMI5032.tmp
c:\windows\LMI5032.tmp\rescue.log
c:\windows\LMI5032.tmp\session.log
c:\windows\LMI6DBF.tmp
c:\windows\LMI6DBF.tmp\lmi_rescue.exe
c:\windows\LMI6DBF.tmp\logo.bmp
c:\windows\LMI6DBF.tmp\params.txt
c:\windows\LMI6DBF.tmp\ra64app.exe
c:\windows\LMI6DBF.tmp\rahook.dll
c:\windows\LMI6DBF.tmp\rescue.ico
c:\windows\LMI6DBF.tmp\rescue.log
c:\windows\LMI73A9.tmp
c:\windows\LMI73A9.tmp\chat.rtf
c:\windows\LMI73A9.tmp\ICSAgent32.dll
c:\windows\LMI73A9.tmp\lmi_rescue.exe
c:\windows\LMI73A9.tmp\LMIRhook.000.dll
c:\windows\LMI73A9.tmp\logo.bmp
c:\windows\LMI73A9.tmp\params.txt
c:\windows\LMI73A9.tmp\ra64app.exe
c:\windows\LMI73A9.tmp\rahook.dll
c:\windows\LMI73A9.tmp\rarcc.dll
c:\windows\LMI73A9.tmp\rescue.ico
c:\windows\LMI73A9.tmp\rescue.log
c:\windows\LMI73A9.tmp\session.log
c:\windows\LMI759C.tmp
c:\windows\LMI759C.tmp\chat.rtf
c:\windows\LMI759C.tmp\ICSAgent32.dll
c:\windows\LMI759C.tmp\lmi_rescue.exe
c:\windows\LMI759C.tmp\LMIRhook.000.dll
c:\windows\LMI759C.tmp\logo.bmp
c:\windows\LMI759C.tmp\params.txt
c:\windows\LMI759C.tmp\ra64app.exe
c:\windows\LMI759C.tmp\rahook.dll
c:\windows\LMI759C.tmp\rarcc.dll
c:\windows\LMI759C.tmp\rescue.ico
c:\windows\LMI759C.tmp\rescue.log
c:\windows\LMI759C.tmp\session.log
c:\windows\LMI82A6.tmp
c:\windows\LMI82A6.tmp\rescue.log
c:\windows\LMI8F82.tmp
c:\windows\LMI8F82.tmp\chat.rtf
c:\windows\LMI8F82.tmp\lmi_rescue.exe
c:\windows\LMI8F82.tmp\LMIRhook.000.dll
c:\windows\LMI8F82.tmp\params.txt
c:\windows\LMI8F82.tmp\rahook.dll
c:\windows\LMI8F82.tmp\rarcc.dll
c:\windows\LMI8F82.tmp\rescue.log
c:\windows\LMI951D.tmp
c:\windows\LMI951D.tmp\chat.rtf
c:\windows\LMI951D.tmp\ICSAgent32.dll
c:\windows\LMI951D.tmp\lmi_rescue.exe
c:\windows\LMI951D.tmp\LMIRhook.000.dll
c:\windows\LMI951D.tmp\logo.bmp
c:\windows\LMI951D.tmp\params.txt
c:\windows\LMI951D.tmp\ra64app.exe
c:\windows\LMI951D.tmp\rahook.dll
c:\windows\LMI951D.tmp\rarcc.dll
c:\windows\LMI951D.tmp\rescue.ico
c:\windows\LMI951D.tmp\rescue.log
c:\windows\LMI951D.tmp\session.log
c:\windows\LMIA5EF.tmp
c:\windows\LMIA5EF.tmp\chat.rtf
c:\windows\LMIA5EF.tmp\ICSAgent32.dll
c:\windows\LMIA5EF.tmp\lmi_rescue.exe
c:\windows\LMIA5EF.tmp\LMIRhook.000.dll
c:\windows\LMIA5EF.tmp\logo.bmp
c:\windows\LMIA5EF.tmp\params.txt
c:\windows\LMIA5EF.tmp\ra64app.exe
c:\windows\LMIA5EF.tmp\rahook.dll
c:\windows\LMIA5EF.tmp\rarcc.dll
c:\windows\LMIA5EF.tmp\rescue.ico
c:\windows\LMIA5EF.tmp\rescue.log
c:\windows\LMIA5EF.tmp\session.log
c:\windows\LMIB8A4.tmp
c:\windows\LMIB8A4.tmp\rescue.log

.
(((((((((((((((((((((((((   Files Created from 2010-06-15 to 2010-07-15  )))))))))))))))))))))))))))))))
.

2010-07-15 01:31 . 2010-07-15 01:31   --------   d-----w-   c:\users\Owner\AppData\Local\temp
2010-07-15 01:31 . 2010-07-15 01:31   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-07-15 01:31 . 2010-07-15 01:31   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-07-15 01:31 . 2010-07-15 01:31   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-07-15 01:21 . 2010-07-15 01:22   --------   d-----w-   C:\32788R22FWJFW
2010-07-14 19:48 . 2010-07-14 19:49   --------   d-----w-   C:\rsit
2010-07-14 19:48 . 2010-07-14 19:49   --------   d-----w-   c:\program files\trend micro
2010-07-13 20:30 . 2010-07-13 20:30   --------   d-----w-   c:\users\Owner\AppData\Roaming\Malwarebytes
2010-07-13 20:30 . 2010-04-29 22:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 20:30 . 2010-07-13 20:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-07-13 20:30 . 2010-07-13 20:30   --------   d-----w-   c:\programdata\Malwarebytes
2010-07-13 20:30 . 2010-04-29 22:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-07-13 20:16 . 2010-07-13 20:16   680   ----a-w-   c:\users\Owner\AppData\Local\d3d9caps.dat
2010-07-13 20:13 . 2010-07-13 20:13   --------   d-----w-   c:\users\Owner\AppData\Local\Tific
2010-07-13 18:26 . 2010-07-13 18:26   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-13 18:26 . 2010-07-13 18:26   --------   d-----w-   c:\windows\system32\drivers\NAV
2010-07-13 18:26 . 2010-07-13 18:26   --------   d-----w-   c:\program files\Norton AntiVirus
2010-07-13 09:50 . 2010-07-13 09:50   69192   ----a-w-   c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-13 04:05 . 2010-07-13 04:06   --------   d-----w-   c:\users\Owner\AppData\Local\NPE
2010-07-13 00:16 . 2010-07-13 00:16   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\ICS
2010-07-12 19:36 . 2010-07-13 18:26   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-07-12 19:21 . 2010-07-13 20:13   --------   d-----w-   c:\users\Owner\AppData\Roaming\Tific
2010-07-12 19:08 . 2010-07-14 13:05   --------   d-----w-   c:\programdata\Norton
2010-07-09 19:04 . 2010-07-09 19:04   41872   ----a-w-   c:\windows\system32\xfcodec.dll
2010-06-27 23:40 . 2010-07-13 06:03   --------   d-----w-   c:\program files\Microsoft
2010-06-27 23:40 . 2010-06-27 23:40   --------   d-----w-   c:\program files\Microsoft(10)
2010-06-27 23:38 . 2010-06-27 23:38   --------   d-----w-   c:\program files\Microsoft.NET
2010-06-24 19:06 . 2010-04-14 17:47   293376   ----a-w-   c:\windows\system32\psisdecd.dll
2010-06-24 19:06 . 2010-04-14 17:46   428544   ----a-w-   c:\windows\system32\EncDec.dll
2010-06-24 19:05 . 2009-11-08 17:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2010-06-24 19:05 . 2009-11-08 17:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2010-06-24 19:05 . 2009-11-08 17:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
2010-06-24 19:05 . 2009-11-08 17:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2010-06-24 19:05 . 2009-11-08 17:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2010-06-24 01:15 . 2010-04-16 16:05   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2010-06-24 01:15 . 2010-04-16 14:17   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 01:01 . 2010-07-13 06:03   --------   d-----w-   c:\program files\iPod
2010-06-22 01:01 . 2010-06-22 01:01   --------   d-----w-   c:\program files\iPod(122)
2010-06-22 01:01 . 2010-07-13 06:03   --------   d-----w-   c:\program files\iTunes
2010-06-22 01:01 . 2010-06-22 01:02   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-22 01:01 . 2010-06-22 01:02   --------   d-----w-   c:\program files\iTunes(123)
2010-06-22 00:59 . 2010-07-13 06:03   --------   d-----w-   c:\program files\QuickTime
2010-06-22 00:59 . 2010-06-22 00:59   --------   d-----w-   c:\program files\QuickTime(165)
2010-06-22 00:54 . 2010-07-13 06:03   --------   d-----w-   c:\program files\Bonjour
2010-06-22 00:54 . 2010-06-22 00:54   --------   d-----w-   c:\program files\Bonjour(10)
2010-06-22 00:52 . 2010-06-22 00:52   72504   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 00:25 . 2010-04-25 09:24   --------   d-----w-   c:\users\Owner\AppData\Roaming\LimeWire
2010-07-14 13:18 . 2010-02-16 23:10   --------   d-----w-   c:\program files\Defraggler
2010-07-14 13:06 . 2007-01-31 17:24   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-14 12:51 . 2008-07-17 01:15   --------   d-----w-   c:\users\Owner\AppData\Roaming\Xfire
2010-07-14 11:38 . 2008-07-17 01:15   --------   d-----w-   c:\program files\Xfire
2010-07-14 11:38 . 2008-07-17 01:15   --------   d-----w-   c:\programdata\Xfire
2010-07-14 06:08 . 2010-02-17 02:23   101667   ----a-w-   c:\programdata\nvModes.dat
2010-07-13 18:26 . 2010-07-13 18:26   805   ----a-w-   c:\windows\system32\drivers\SYMEVENT.INF
2010-07-13 18:26 . 2010-07-13 18:26   7443   ----a-w-   c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-13 06:03 . 2010-06-06 07:59   --------   d-----w-   c:\users\Owner\AppData\Roaming\Winamp
2010-07-13 06:03 . 2007-11-03 06:58   --------   d-----w-   c:\users\Owner\AppData\Roaming\Ventrilo
2010-07-13 06:03 . 2007-08-17 17:58   --------   d-----w-   c:\programdata\NVIDIA
2010-07-13 06:03 . 2010-06-06 08:00   --------   d-----w-   c:\program files\Winamp Detect
2010-07-13 06:03 . 2010-06-06 07:59   --------   d-----w-   c:\program files\Winamp
2010-07-13 06:03 . 2007-02-06 01:43   --------   d-----w-   c:\program files\Microsoft Works
2010-07-13 06:03 . 2008-09-08 05:29   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-07-13 06:03 . 2010-03-29 02:08   --------   d-----w-   c:\program files\Common Files\PX Storage Engine
2010-07-13 06:03 . 2007-03-02 02:15   --------   d-----w-   c:\program files\Common Files\LightScribe
2010-07-13 06:03 . 2010-04-25 09:24   --------   d-----w-   c:\program files\Ask.com
2010-07-13 06:03 . 2007-08-12 20:12   --------   d-----w-   c:\program files\Common Files\Apple
2010-07-10 18:27 . 2010-03-29 02:06   --------   d-----w-   c:\program files\Microsoft Windows OneCare Live
2010-06-27 23:31 . 2010-04-26 21:43   439816   ----a-w-   c:\users\Owner\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-22 02:02 . 2007-07-10 22:44   --------   d-----w-   c:\users\Owner\AppData\Roaming\Apple Computer
2010-06-09 05:28 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-06-08 00:21 . 2010-05-22 08:13   --------   d-----w-   c:\users\Owner\AppData\Roaming\Tropico 3
2010-06-04 08:18 . 2010-03-16 23:23   --------   d-----w-   c:\program files\Common Files\Blizzard Entertainment
2010-06-03 10:54 . 2007-08-13 04:03   --------   d-----w-   c:\program files\Google
2010-06-03 10:48 . 2009-07-16 02:58   --------   d-----w-   c:\users\Owner\AppData\Roaming\Darkfall US
2010-06-01 20:56 . 2009-11-25 11:11   --------   d-----w-   c:\program files\Steam
2010-05-26 16:16 . 2010-06-08 20:41   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-08 20:41   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-05-22 08:05 . 2010-05-22 08:05   --------   d-----w-   c:\program files\Kalypso
2010-05-19 23:56 . 2010-05-19 23:55   --------   d-----w-   c:\programdata\PMB Files
2010-05-19 23:55 . 2010-05-19 23:55   --------   d-----w-   c:\program files\Pando Networks
2010-05-18 23:35 . 2010-05-18 23:35   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-05-15 08:09 . 2010-05-15 07:55   43520   ----a-w-   c:\windows\system32\CmdLineExt03.dll
2010-05-09 18:33 . 2010-05-09 18:33   77312   ----a-w-   c:\users\Owner\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.72.0A.dll
2010-05-04 05:59 . 2010-06-08 20:41   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 20:41   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-08 20:41   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-08 20:41   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-08 20:41   2036224   ----a-w-   c:\windows\system32\win32k.sys
2010-04-23 13:55 . 2010-05-25 19:27   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-04-23 01:11 . 2010-04-23 01:11   658184   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-16 16:10 . 2010-06-08 20:41   1314816   ----a-w-   c:\windows\system32\quartz.dll
2010-04-16 16:05 . 2010-06-24 01:15   459776   ----a-w-   c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:05 . 2010-06-24 01:15   173056   ----a-w-   c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:05 . 2010-06-24 01:15   2153984   ----a-w-   c:\windows\AppPatch\AcGenral.dll
2010-04-16 16:05 . 2010-06-24 01:15   541696   ----a-w-   c:\windows\AppPatch\AcLayers.dll
2007-01-31 17:23 . 2007-01-31 17:23   848   --sha-w-   c:\windows\System32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   SnapShot@2010-07-15_00.14.22   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-15 00:24 . 2010-07-15 01:20   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-14 23:57 . 2010-07-15 00:04   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-15 00:24 . 2010-07-15 01:20   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-07-14 23:57 . 2010-07-15 00:04   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-28 19:11   1196936   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 147456]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-03 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-05 65256]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-25 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-8-26 344064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-23 108544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2010-02-11 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1106000.020\ccHPx86.sys [2010-02-25 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20091105.001\IDSVix86.sys [2009-11-17 343088]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1106000.020\Ironx86.SYS [2010-02-27 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NAV\1106000.020\SYMTDIV.SYS [2009-11-22 340016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2010-02-05 26120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-12 240232]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO.sys

R3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\DRIVERS\AVerBas.sys [2006-12-10 51584]
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\DRIVERS\AVerCap.sys [2006-12-10 364544]
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\DRIVERS\AVerTun.sys [2006-12-10 162304]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
R3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-15 570880]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1106000.020\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS [2009-11-26 172592]

.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{38F16D1B-D518-4ABF-84BB-9D919E0F0F6A}.job
- c:\windows\system32\msfeedssync.exe [2010-06-08 04:30]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: swtor.com\www
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tft48oag.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 18:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-07-14  18:32:22
ComboFix-quarantined-files.txt  2010-07-15 01:32
ComboFix2.txt  2010-07-15 00:15

Pre-Run: 225,892,929,536 bytes free
Post-Run: 225,785,401,344 bytes free

- - End Of File - - 6036B9F0F8D94DD39E8FF6711333018A

Corrine

If ComboFix didn't restart your computer, please shut down/restart.  Then see if you can run the ESET online scan.

Thanks.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.